chore: restructure for metallb and certmanager

uselagoon · Jun 4, 2024 · 4e10a8d · 4e10a8d
1 parent 2d7001d
commit 4e10a8d
Show file tree

Hide file tree

Showing 13 changed files with 269 additions and 102 deletions.
diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml
@@ -65,7 +65,8 @@ jobs:
         (contains(github.event.pull_request.labels.*.name, 'needs-testing'))
       run: |
         docker network create kind
-        export KIND_NODE_IP=$(docker run --network kind --rm alpine ip -o addr show eth0 | sed -nE 's/.* ([0-9.]{7,})\/.*/\1/p')
+        LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '. [0].IPAM.Config[0].Subnet' | tr -d '"') 
+        export KIND_NODE_IP=$(echo ${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $1,$2,$3,240}' OFS='.')
         envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml
 
     - name: Create kind cluster
@@ -84,7 +85,8 @@ jobs:
         (steps.list-changed.outputs.changed == 'true') ||
         (contains(github.event.pull_request.labels.*.name, 'needs-testing'))
       run: |
-        NODE_IP="$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}')"
+        LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '. [0].IPAM.Config[0].Subnet' | tr -d '"')
+        NODE_IP=$(echo ${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $1,$2,$3,240}' OFS='.')
         echo Checking for NODE_IP "$NODE_IP"
         grep $NODE_IP test-suite.kind-config.yaml
 
@@ -100,6 +102,9 @@ jobs:
         helm repo add amazeeio https://amazeeio.github.io/charts/
         helm repo add lagoon https://uselagoon.github.io/lagoon-charts/
         helm repo add nats https://nats-io.github.io/k8s/helm/charts/
+        helm repo add metallb https://metallb.github.io/metallb
+        helm repo add jetstack https://charts.jetstack.io
+        helm repo add jouve https://jouve.github.io/charts/
 
     - name: Install gojq
       if: |

diff --git a/Makefile b/Makefile
diff --git a/charts/lagoon-build-deploy/ci/linter-values.yaml b/charts/lagoon-build-deploy/ci/linter-values.yaml
@@ -1,9 +1,11 @@
 rabbitMQUsername: lagoon
 rabbitMQPassword: ci
-rabbitMQHostname: lagoon-core-broker
+rabbitMQHostname: lagoon-core-broker.lagoon-core.svc
 lagoonTargetName: ci-local-control-k8s
 sshPortalHost: lagoon-remote-ssh-portal.lagoon.svc
 sshPortalPort: 22
-lagoonTokenHost: lagoon-core-token.lagoon.svc
+lagoonTokenHost: lagoon-core-token.lagoon-core.svc
 lagoonTokenPort: 22
-lagoonAPIHost: http://lagoon-core-api.lagoon.svc:80
+lagoonAPIHost: http://lagoon-core-api.lagoon-core.svc:80
+extraArgs:
+  - "--skip-tls-verify=true"
diff --git a/charts/lagoon-build-deploy/values.yaml b/charts/lagoon-build-deploy/values.yaml
@@ -141,7 +141,7 @@ harbor:
   # the following are REQUIRED values if harbor is enabled
   adminPassword: Harbor12345
   adminUser: admin
-  host: http://registry.172.16.0.1.nip.io:32080
+  host: http://registry.172.16.0.1.nip.io
   # rotationCron: 0 1 * * *
 
   # the expiration length of new robot credentials

diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml
@@ -222,33 +222,34 @@ natsConfig:
     secretData:
       ca.crt: |
         -----BEGIN CERTIFICATE-----
-        MIIBgDCCASagAwIBAgIUe/jnFQ0sqoJKQP9CmguStIhyCNcwCgYIKoZIzj0EAwIw
-        HjEcMBoGA1UEAxMTbmF0cy1jYS5leGFtcGxlLmNvbTAeFw0yMjAzMDMxNDU2MDBa
-        Fw0zMjAyMjkxNDU2MDBaMB4xHDAaBgNVBAMTE25hdHMtY2EuZXhhbXBsZS5jb20w
-        WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT6ZjUtTIpBJSgGRyQIPdcFKBkt3h76
-        eyIdFVkR4L5NxVLwxyrj3ejbkA/KtbHfT+5+i1lpFyneUnCv8uJMGXXDo0IwQDAO
-        BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJnGYc+vw
-        zYXQvaFUImSZnEytUkkwCgYIKoZIzj0EAwIDSAAwRQIgET+GwxQ2TokxnPkNhgjb
-        zJ6PDtVHMNclAWSDebP9nnwCIQDrblreePb+pUBHvxFZNVFYBV4wF2gEkJC51tjw
-        a8aklQ==
+        MIIBgDCCASagAwIBAgIUUbG6sFBXxdA1wxjmlt/zkfpQTTwwCgYIKoZIzj0EAwIw
+        HjEcMBoGA1UEAxMTbmF0cy1jYS5leGFtcGxlLmNvbTAeFw0yNDA0MTUwNDA4MDBa
+        Fw0zNDA0MTMwNDA4MDBaMB4xHDAaBgNVBAMTE25hdHMtY2EuZXhhbXBsZS5jb20w
+        WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRF6Wjy5sm5quCKkqFBZERPcrCj2fL
+        xKjCNDJtwZijhR/DoHPImxnxXbcNuqXmFENDsleAXBb0YHTC6nauSCVmo0IwQDAO
+        BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPCFB/EwR
+        pk6xM9YSqzbLgchB6fQwCgYIKoZIzj0EAwIDSAAwRQIgCSCLQTN1K703YR/VXY+G
+        iYmI+nuDxvSE7s/u5hhmh+wCIQDXoxiQvQuokI06j6W1K5UgR6h9dUoKeTFQIqXp
+        uKPLhg==
         -----END CERTIFICATE-----
       server.crt: |
         -----BEGIN CERTIFICATE-----
-        MIIB6TCCAY+gAwIBAgIUU0rJ7NyqtVt26P4ymCHc2wI1xTgwCgYIKoZIzj0EAwIw
-        HjEcMBoGA1UEAxMTbmF0cy1jYS5leGFtcGxlLmNvbTAeFw0yMjAzMDMxNDU2MDBa
-        Fw0zMjAyMjkxNDU2MDBaMCgxJjAkBgNVBAMTHWxhZ29vbi1jb3JlLW5hdHMtY29u
-        Y2VudHJhdG9yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzOKHU61tPi3IS4Tb
-        TekSPQ5j0eS3ALLR8AhHY+lV6K3FNHnrCeCkBP12Kg3c29fjk3OnvdOixqgjXTO9
-        1GvhgqOBoDCBnTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
-        DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUs3UCwAl/W6+UyUMhlyL/P2igQCQwHwYD
-        VR0jBBgwFoAUJnGYc+vwzYXQvaFUImSZnEytUkkwKAYDVR0RBCEwH4IdbGFnb29u
-        LWNvcmUtbmF0cy1jb25jZW50cmF0b3IwCgYIKoZIzj0EAwIDSAAwRQIhAOEZUQfm
-        tuziNxJqFdnsQqzEHHDcFBJsMqzC2T4AChinAiBr/BMy3ZFUE57629+mvnevQKF2
-        Xj0jfUL6vS82EAusNQ==
+        MIICGDCCAb6gAwIBAgIUJC6a9n2zJYl7nOZ2AutYhyjVmQswCgYIKoZIzj0EAwIw
+        HjEcMBoGA1UEAxMTbmF0cy1jYS5leGFtcGxlLmNvbTAeFw0yNDA0MTUwNDA4MDBa
+        Fw0zNDA0MTMwNDA4MDBaMCgxJjAkBgNVBAMTHWxhZ29vbi1jb3JlLW5hdHMtY29u
+        Y2VudHJhdG9yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENf2wtlM9sSu330UX
+        gZTkAOZBRkH2V6YZG7rB/7pTtO0yKQmIfr+lK1mz+rBGD+GIUJQH5tOh6ufSx8ca
+        ut1bfaOBzzCBzDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
+        DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUtH0LRNOWRz/mKPbaC5CbmWstAKEwHwYD
+        VR0jBBgwFoAUPCFB/EwRpk6xM9YSqzbLgchB6fQwVwYDVR0RBFAwToIdbGFnb29u
+        LWNvcmUtbmF0cy1jb25jZW50cmF0b3KCLWxhZ29vbi1jb3JlLW5hdHMtY29uY2Vu
+        dHJhdG9yLmxhZ29vbi1jb3JlLnN2YzAKBggqhkjOPQQDAgNIADBFAiEA/K5i1Ywq
+        CaKsntUSiMDTZSYvEtLb+ZxOn71RnDYP4JUCIG6TZVFfMiYPZ0gGLMRMf666E3bB
+        0U5vgRqQhghJPbpM
         -----END CERTIFICATE-----
       server.key: |
         -----BEGIN EC PRIVATE KEY-----
-        MHcCAQEEIEEOrqm8DWTCnc6rq2OHmWcfSu/ewpv009gD9ekvWKMDoAoGCCqGSM49
-        AwEHoUQDQgAEzOKHU61tPi3IS4TbTekSPQ5j0eS3ALLR8AhHY+lV6K3FNHnrCeCk
-        BP12Kg3c29fjk3OnvdOixqgjXTO91Gvhgg==
+        MHcCAQEEIBqSIJXbR9H4WChftIW2QwJmGD+5QjlfwBCkspRBcsSHoAoGCCqGSM49
+        AwEHoUQDQgAENf2wtlM9sSu330UXgZTkAOZBRkH2V6YZG7rB/7pTtO0yKQmIfr+l
+        K1mz+rBGD+GIUJQH5tOh6ufSx8caut1bfQ==
         -----END EC PRIVATE KEY-----
diff --git a/charts/lagoon-core/nats-tls/server.json b/charts/lagoon-core/nats-tls/server.json
@@ -1,6 +1,7 @@
 {
   "hosts": [
-    "lagoon-core-nats-concentrator"
+    "lagoon-core-nats-concentrator",
+    "lagoon-core-nats-concentrator.lagoon-core.svc"
   ],
   "CN": "lagoon-core-nats-concentrator",
   "key": {

diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml
@@ -1,18 +1,18 @@
 global:
   rabbitMQUsername: lagoon
   rabbitMQPassword: ci
-  rabbitMQHostname: lagoon-core-broker
+  rabbitMQHostname: lagoon-core-broker.lagoon-core.svc
 
 lagoon-build-deploy:
   enabled: true
   lagoonTargetName: ci-local-control-k8s
   taskSSHHost: lagoon-core-ssh.lagoon.svc
   taskSSHPort: 2020
-  taskAPIHost: http://lagoon-core-api.lagoon.svc:80
+  taskAPIHost: http://lagoon-core-api.lagoon-core.svc:80
   # remove on next release
   rabbitMQUsername: lagoon
   rabbitMQPassword: ci
-  rabbitMQHostname: lagoon-core-broker
+  rabbitMQHostname: lagoon-core-broker.lagoon-core.svc
 
 dockerHost:
   image:
@@ -41,39 +41,39 @@ nats:
   #     lagoon-remote-nats-client: "true"
 
 natsConfig:
-  coreURL: "nats://ci-ssh-portal:ci-password@lagoon-core-nats-concentrator:7422"
+  coreURL: "nats://ci-ssh-portal:ci-password@lagoon-core-nats-concentrator.lagoon-core.svc:7422"
   tls:
     secretData:
       ca.crt: |
         -----BEGIN CERTIFICATE-----
-        MIIBgDCCASagAwIBAgIUe/jnFQ0sqoJKQP9CmguStIhyCNcwCgYIKoZIzj0EAwIw
-        HjEcMBoGA1UEAxMTbmF0cy1jYS5leGFtcGxlLmNvbTAeFw0yMjAzMDMxNDU2MDBa
-        Fw0zMjAyMjkxNDU2MDBaMB4xHDAaBgNVBAMTE25hdHMtY2EuZXhhbXBsZS5jb20w
-        WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT6ZjUtTIpBJSgGRyQIPdcFKBkt3h76
-        eyIdFVkR4L5NxVLwxyrj3ejbkA/KtbHfT+5+i1lpFyneUnCv8uJMGXXDo0IwQDAO
-        BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJnGYc+vw
-        zYXQvaFUImSZnEytUkkwCgYIKoZIzj0EAwIDSAAwRQIgET+GwxQ2TokxnPkNhgjb
-        zJ6PDtVHMNclAWSDebP9nnwCIQDrblreePb+pUBHvxFZNVFYBV4wF2gEkJC51tjw
-        a8aklQ==
+        MIIBgDCCASagAwIBAgIUUbG6sFBXxdA1wxjmlt/zkfpQTTwwCgYIKoZIzj0EAwIw
+        HjEcMBoGA1UEAxMTbmF0cy1jYS5leGFtcGxlLmNvbTAeFw0yNDA0MTUwNDA4MDBa
+        Fw0zNDA0MTMwNDA4MDBaMB4xHDAaBgNVBAMTE25hdHMtY2EuZXhhbXBsZS5jb20w
+        WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRF6Wjy5sm5quCKkqFBZERPcrCj2fL
+        xKjCNDJtwZijhR/DoHPImxnxXbcNuqXmFENDsleAXBb0YHTC6nauSCVmo0IwQDAO
+        BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPCFB/EwR
+        pk6xM9YSqzbLgchB6fQwCgYIKoZIzj0EAwIDSAAwRQIgCSCLQTN1K703YR/VXY+G
+        iYmI+nuDxvSE7s/u5hhmh+wCIQDXoxiQvQuokI06j6W1K5UgR6h9dUoKeTFQIqXp
+        uKPLhg==
         -----END CERTIFICATE-----
       client.crt: |
         -----BEGIN CERTIFICATE-----
-        MIIByDCCAW+gAwIBAgIUaBeYr4jOQfj1tZQsKmDqPtU9s8owCgYIKoZIzj0EAwIw
-        HjEcMBoGA1UEAxMTbmF0cy1jYS5leGFtcGxlLmNvbTAeFw0yMjAzMDMxNDU2MDBa
-        Fw0zMjAyMjkxNDU2MDBaMBgxFjAUBgNVBAMTDWNpLXNzaC1wb3J0YWwwWTATBgcq
-        hkjOPQIBBggqhkjOPQMBBwNCAAQmoPrsEZpW2nNbuYVKwr0gBjls+wj/MMIY77OF
-        ImENLjh24BuZYIE65Ypwx9187st0eayx3AbxGxSwDHu3uqaFo4GQMIGNMA4GA1Ud
+        MIIByDCCAW+gAwIBAgIUJnuRfZT3Viio6HpYvGEehas9qWowCgYIKoZIzj0EAwIw
+        HjEcMBoGA1UEAxMTbmF0cy1jYS5leGFtcGxlLmNvbTAeFw0yNDA0MTUwNDA5MDBa
+        Fw0zNDA0MTMwNDA5MDBaMBgxFjAUBgNVBAMTDWNpLXNzaC1wb3J0YWwwWTATBgcq
+        hkjOPQIBBggqhkjOPQMBBwNCAATlrIBuIQSN8Ngdpk+i2KFcieDLeuPQ+DmRQ0cY
+        jsFBYeeZdcV2s5Kb99tJGeg4QWImsINiFJ37LhkuoatWRcsvo4GQMIGNMA4GA1Ud
         DwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
-        A1UdDgQWBBRe9ZzMq2SD84txo9aMQb8Rl5OfLTAfBgNVHSMEGDAWgBQmcZhz6/DN
-        hdC9oVQiZJmcTK1SSTAYBgNVHREEETAPgg1jaS1zc2gtcG9ydGFsMAoGCCqGSM49
-        BAMCA0cAMEQCIGeTmjVk5evv1+dpddecLRhZqb2Op6YBuSxtiibEmaAJAiAuRI6A
-        s+LwZcCJaL8Gf3W0NIh03fv7VOJ5AWRzYXzpdg==
+        A1UdDgQWBBQz4i828vqWC/S52FfdnIYIXHLIvTAfBgNVHSMEGDAWgBQ8IUH8TBGm
+        TrEz1hKrNsuByEHp9DAYBgNVHREEETAPgg1jaS1zc2gtcG9ydGFsMAoGCCqGSM49
+        BAMCA0cAMEQCIGaSyihjkNL2DiUg6nftAUb2jXl97Y38cb8R/srWZdaaAiAC9K6r
+        jzJR6clzzHTzidSigsyeoBmhv7L6643jfB02HQ==
         -----END CERTIFICATE-----
       client.key: |
         -----BEGIN EC PRIVATE KEY-----
-        MHcCAQEEIGVXWxCYIOynJpYWn95j19DDNDeMZU+xYOhGU8IN9hwmoAoGCCqGSM49
-        AwEHoUQDQgAEJqD67BGaVtpzW7mFSsK9IAY5bPsI/zDCGO+zhSJhDS44duAbmWCB
-        OuWKcMfdfO7LdHmssdwG8RsUsAx7t7qmhQ==
+        MHcCAQEEINvOV43X7WgqNmkg++wNfmU033hwBDpSG7iDWh6ErzCXoAoGCCqGSM49
+        AwEHoUQDQgAE5ayAbiEEjfDYHaZPotihXIngy3rj0Pg5kUNHGI7BQWHnmXXFdrOS
+        m/fbSRnoOEFiJrCDYhSd+y4ZLqGrVkXLLw==
         -----END EC PRIVATE KEY-----
 
 sshPortal:

diff --git a/charts/lagoon-test/values.yaml b/charts/lagoon-test/values.yaml
@@ -11,11 +11,11 @@ keycloakURL: http://lagoon-core-keycloak:8080
 minioURL: http://minio.minio.svc:9000
 minioUser: lagoonFilesAccessKey
 minioPass: lagoonFilesSecretKey
-routeSuffixHTTPPort: 32080
-routeSuffixHTTPSPort: 32443
+routeSuffixHTTPPort: 80
+routeSuffixHTTPSPort: 443
 sshHost: lagoon-core-ssh
 sshPort: 2020
-sshPortalHost: lagoon-remote-ssh-portal
+sshPortalHost: lagoon-remote-ssh-portal.lagoon.svc
 sshPortalPort: 2222
 sshTokenHost: lagoon-core-ssh-token
 sshTokenPort: 2223

diff --git a/test-suite-run.ct.yaml b/test-suite-run.ct.yaml
@@ -2,7 +2,7 @@
 target-branch: main
 charts:
 - charts/lagoon-test
-namespace: lagoon
+namespace: lagoon-core
 # release-label is required when specifying namespace:
 # https://github.com/helm/chart-testing/blob/v3.1.1/pkg/config/config.go#L117
 release-label: app.kubernetes.io/instance
diff --git a/test-suite.certmanager-issuer-ss.yaml b/test-suite.certmanager-issuer-ss.yaml
@@ -0,0 +1,38 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: lagoon-testing-ca
+  namespace: cert-manager
+spec:
+  isCA: true
+  commonName: lagoon.test
+  subject:
+    organizations:
+      - Lagoon Testing Inc
+    organizationalUnits:
+      - Lagoon
+  dnsNames:
+    - lagoon.test
+  secretName: lagoon-test-secret
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: selfsigned-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: lagoon-testing-issuer
+spec:
+  ca:
+    secretName: lagoon-test-secret
diff --git a/test-suite.kind-config.calico.yaml.tpl b/test-suite.kind-config.calico.yaml.tpl
@@ -6,7 +6,7 @@ networking:
   podSubnet: 192.168.0.0/16
 containerdConfigPatches:
 - |-
-  [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.${KIND_NODE_IP}.nip.io:32443".tls]
+  [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.${KIND_NODE_IP}.nip.io".tls]
     insecure_skip_verify = true
-  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.${KIND_NODE_IP}.nip.io:32080"]
-    endpoint = ["http://registry.${KIND_NODE_IP}.nip.io:32080"]
+  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.${KIND_NODE_IP}.nip.io"]
+    endpoint = ["http://registry.${KIND_NODE_IP}.nip.io"]
diff --git a/test-suite.kind-config.yaml.tpl b/test-suite.kind-config.yaml.tpl
@@ -3,7 +3,7 @@ apiVersion: kind.x-k8s.io/v1alpha4
 name: chart-testing
 containerdConfigPatches:
 - |-
-  [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.${KIND_NODE_IP}.nip.io:32443".tls]
+  [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.${KIND_NODE_IP}.nip.io".tls]
     insecure_skip_verify = true
-  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.${KIND_NODE_IP}.nip.io:32080"]
-    endpoint = ["http://registry.${KIND_NODE_IP}.nip.io:32080"]
+  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.${KIND_NODE_IP}.nip.io"]
+    endpoint = ["http://registry.${KIND_NODE_IP}.nip.io"]
diff --git a/test-suite.metallb-pool.yaml.tpl b/test-suite.metallb-pool.yaml.tpl
@@ -0,0 +1,20 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  creationTimestamp: null
+  name: default
+  namespace: metallb-system
+spec:
+  addresses:
+    - ${LAGOON_KIND_NETWORK_RANGE}
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  creationTimestamp: null
+  name: l2advertisement1
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+    - default
+